<VirtualHost *:443>
    SSLEngine on
    SSLProtocol {{ ssl_protocols }}
    # Use secure TLSv1.1 and TLSv1.2 ciphers
    SSLCipherSuite {{ ssl_ciphers }}
    SSLHonorCipherOrder on
    Header always add Strict-Transport-Security "max-age=31536000; preload"

    SSLCertificateFile    /etc/letsencrypt/live/{{ public_hostname }}/cert.pem
    SSLCertificateKeyFile  /etc/letsencrypt/live/{{ public_hostname }}/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/{{ public_hostname }}/fullchain.pem

    ServerName {{ public_hostname }}

</VirtualHost>
